Disaster recovery: what will you do when the lights go out?
No business is immune from an outage. It can strike at any time and without warning, which is why it’s essential that you have a disaster recovery plan in place.
Computer systems have become so deeply embedded in the processes of many small to medium-sized businesses, organisations, over the last 20 years, that many organisations cannot operate effectively without them. Business continuity has become an increasing concern for organisations of all sizes. If a business can’t continue, it can’t generate income.
The cloud has certainly made disaster recovery for SMEs easier than ever before, however, having a suitable plan in place means more than just backing up daily to the cloud. It doesn’t take a large event, such as a fire, flood, or terrorist attack, to cause a business to lose important data, either. It can be as simple as dropping a laptop on the floor, or a power surge resulting in a burnt-out storage device.
Our reliance on such systems can be easily overlooked, as our dependence on them increases over long periods of time, resulting in inadequate protection for such essential systems.
Establishing a disaster recovery plan need not be as complicated as you think and below are a few important steps to take toward developing a plan of your own:
Housekeeping – While not exactly part of a disaster recovery plan, there are a few simple measures you can take to minimise the possibility or impact of a disaster or disruptive event. For example, proactive monitoring of your systems, regular verified data backups, and testing of your security systems such as firewalls and anti-malware solutions.
Inventory – Identify every possible source of system failure or data loss and ascertain the solution to each. Your list should also include losses that won’t affect the business a great deal, and those that would cause you to cease trading, either temporarily or permanently.
Prioritise – Once you have identified the threats that your business may face you need to understand the impact those threats can have, both in the short and long-term. Think about what would happen if disaster stuck. Which systems and services are the most important for your day-to-day operations and that you could simply not operate without? Rate each potential threat based on how likely is it to occur? Ranking your possible risk in order of importance and likelihood to occur will help you to decide where to concentrate your disaster recovery plan.
Plan – Look at each potential threat and identify their solutions. Determine how long it would take you to recover from each risk and look at ways to reduce the time it would take to recover. Take preventative measures designed to mitigate or prevent a disaster from occurring. Deploy detective measures to alert you of a potential disaster sooner than might otherwise occur. Train your staff so that everyone is clear on what is expected of them and they are comfortable in fulfilling their roles, in the event of a disaster.
Test – Now that you have created your disaster recovery plan it is time to test it. Simulate different scenarios and make them as realistic as possible. Immediately following the test, address any shortcomings or failures and modify the plan. Re-test it periodically, in part and as a whole, to ensure that it is still relevant and effective and to allow your staff to become familiar with the plan.